Rev Author Line No. Line
130 kaklik 1 <?php
2 /***************************************************************************
3 * usercp_avatar.php
4 * -------------------
5 * begin : Saturday, Feb 13, 2001
6 * copyright : (C) 2001 The phpBB Group
7 * email : support@phpbb.com
8 *
9 * $Id: usercp_avatar.php,v 1.8.2.24 2006/05/23 21:09:27 grahamje Exp $
10 *
11 *
12 ***************************************************************************/
13  
14 /***************************************************************************
15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License as published by
18 * the Free Software Foundation; either version 2 of the License, or
19 * (at your option) any later version.
20 *
21 *
22 ***************************************************************************/
23  
24 function check_image_type(&$type, &$error, &$error_msg)
25 {
26 global $lang;
27  
28 switch( $type )
29 {
30 case 'jpeg':
31 case 'pjpeg':
32 case 'jpg':
33 return '.jpg';
34 break;
35 case 'gif':
36 return '.gif';
37 break;
38 case 'png':
39 return '.png';
40 break;
41 default:
42 $error = true;
43 $error_msg = (!empty($error_msg)) ? $error_msg . '<br />' . $lang['Avatar_filetype'] : $lang['Avatar_filetype'];
44 break;
45 }
46  
47 return false;
48 }
49  
50 function user_avatar_delete($avatar_type, $avatar_file)
51 {
52 global $board_config, $userdata;
53  
54 $avatar_file = basename($avatar_file);
55 if ( $avatar_type == USER_AVATAR_UPLOAD && $avatar_file != '' )
56 {
57 if ( @file_exists(@phpbb_realpath('./' . $board_config['avatar_path'] . '/' . $avatar_file)) )
58 {
59 @unlink('./' . $board_config['avatar_path'] . '/' . $avatar_file);
60 }
61 }
62  
63 return ", user_avatar = '', user_avatar_type = " . USER_AVATAR_NONE;
64 }
65  
66 function user_avatar_gallery($mode, &$error, &$error_msg, $avatar_filename, $avatar_category)
67 {
68 global $board_config;
69  
70 $avatar_filename = phpbb_ltrim(basename($avatar_filename), "'");
71 $avatar_category = phpbb_ltrim(basename($avatar_category), "'");
72  
73 if(!preg_match('/(\.gif$|\.png$|\.jpg|\.jpeg)$/is', $avatar_filename))
74 {
75 return '';
76 }
77  
78 if ($avatar_filename == "" || $avatar_category == "")
79 {
80 return '';
81 }
82  
83 if ( file_exists(@phpbb_realpath($board_config['avatar_gallery_path'] . '/' . $avatar_category . '/' . $avatar_filename)) && ($mode == 'editprofile') )
84 {
85 $return = ", user_avatar = '" . str_replace("\'", "''", $avatar_category . '/' . $avatar_filename) . "', user_avatar_type = " . USER_AVATAR_GALLERY;
86 }
87 else
88 {
89 $return = '';
90 }
91 return $return;
92 }
93  
94 function user_avatar_url($mode, &$error, &$error_msg, $avatar_filename)
95 {
96 global $lang;
97  
98 if ( !preg_match('#^(http)|(ftp):\/\/#i', $avatar_filename) )
99 {
100 $avatar_filename = 'http://' . $avatar_filename;
101 }
102  
103 $avatar_filename = substr($avatar_filename, 0, 100);
104  
105 if ( !preg_match("#^((ht|f)tp://)([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png))$)#is", $avatar_filename) )
106 {
107 $error = true;
108 $error_msg = ( !empty($error_msg) ) ? $error_msg . '<br />' . $lang['Wrong_remote_avatar_format'] : $lang['Wrong_remote_avatar_format'];
109 return;
110 }
111  
112 return ( $mode == 'editprofile' ) ? ", user_avatar = '" . str_replace("\'", "''", $avatar_filename) . "', user_avatar_type = " . USER_AVATAR_REMOTE : '';
113  
114 }
115  
116 function user_avatar_upload($mode, $avatar_mode, &$current_avatar, &$current_type, &$error, &$error_msg, $avatar_filename, $avatar_realname, $avatar_filesize, $avatar_filetype)
117 {
118 global $board_config, $db, $lang;
119  
120 $ini_val = ( @phpversion() >= '4.0.0' ) ? 'ini_get' : 'get_cfg_var';
121  
122 $width = $height = 0;
123 $type = '';
124  
125 if ( $avatar_mode == 'remote' && preg_match('/^(http:\/\/)?([\w\-\.]+)\:?([0-9]*)\/([^ \?&=\#\"\n\r\t<]*?(\.(jpg|jpeg|gif|png)))$/', $avatar_filename, $url_ary) )
126 {
127 if ( empty($url_ary[4]) )
128 {
129 $error = true;
130 $error_msg = ( !empty($error_msg) ) ? $error_msg . '<br />' . $lang['Incomplete_URL'] : $lang['Incomplete_URL'];
131 return;
132 }
133  
134 $base_get = '/' . $url_ary[4];
135 $port = ( !empty($url_ary[3]) ) ? $url_ary[3] : 80;
136  
137 if ( !($fsock = @fsockopen($url_ary[2], $port, $errno, $errstr)) )
138 {
139 $error = true;
140 $error_msg = ( !empty($error_msg) ) ? $error_msg . '<br />' . $lang['No_connection_URL'] : $lang['No_connection_URL'];
141 return;
142 }
143  
144 @fputs($fsock, "GET $base_get HTTP/1.1\r\n");
145 @fputs($fsock, "HOST: " . $url_ary[2] . "\r\n");
146 @fputs($fsock, "Connection: close\r\n\r\n");
147  
148 unset($avatar_data);
149 while( !@feof($fsock) )
150 {
151 $avatar_data .= @fread($fsock, $board_config['avatar_filesize']);
152 }
153 @fclose($fsock);
154  
155 if (!preg_match('#Content-Length\: ([0-9]+)[^ /][\s]+#i', $avatar_data, $file_data1) || !preg_match('#Content-Type\: image/[x\-]*([a-z]+)[\s]+#i', $avatar_data, $file_data2))
156 {
157 $error = true;
158 $error_msg = ( !empty($error_msg) ) ? $error_msg . '<br />' . $lang['File_no_data'] : $lang['File_no_data'];
159 return;
160 }
161  
162 $avatar_filesize = $file_data1[1];
163 $avatar_filetype = $file_data2[1];
164  
165 if ( !$error && $avatar_filesize > 0 && $avatar_filesize < $board_config['avatar_filesize'] )
166 {
167 $avatar_data = substr($avatar_data, strlen($avatar_data) - $avatar_filesize, $avatar_filesize);
168  
169 $tmp_path = ( !@$ini_val('safe_mode') ) ? '/tmp' : './' . $board_config['avatar_path'] . '/tmp';
170 $tmp_filename = tempnam($tmp_path, uniqid(rand()) . '-');
171  
172 $fptr = @fopen($tmp_filename, 'wb');
173 $bytes_written = @fwrite($fptr, $avatar_data, $avatar_filesize);
174 @fclose($fptr);
175  
176 if ( $bytes_written != $avatar_filesize )
177 {
178 @unlink($tmp_filename);
179 message_die(GENERAL_ERROR, 'Could not write avatar file to local storage. Please contact the board administrator with this message', '', __LINE__, __FILE__);
180 }
181  
182 list($width, $height, $type) = @getimagesize($tmp_filename);
183 }
184 else
185 {
186 $l_avatar_size = sprintf($lang['Avatar_filesize'], round($board_config['avatar_filesize'] / 1024));
187  
188 $error = true;
189 $error_msg = ( !empty($error_msg) ) ? $error_msg . '<br />' . $l_avatar_size : $l_avatar_size;
190 }
191 }
192 else if ( ( file_exists(@phpbb_realpath($avatar_filename)) ) && preg_match('/\.(jpg|jpeg|gif|png)$/i', $avatar_realname) )
193 {
194 if ( $avatar_filesize <= $board_config['avatar_filesize'] && $avatar_filesize > 0 )
195 {
196 preg_match('#image\/[x\-]*([a-z]+)#', $avatar_filetype, $avatar_filetype);
197 $avatar_filetype = $avatar_filetype[1];
198 }
199 else
200 {
201 $l_avatar_size = sprintf($lang['Avatar_filesize'], round($board_config['avatar_filesize'] / 1024));
202  
203 $error = true;
204 $error_msg = ( !empty($error_msg) ) ? $error_msg . '<br />' . $l_avatar_size : $l_avatar_size;
205 return;
206 }
207  
208 list($width, $height, $type) = @getimagesize($avatar_filename);
209 }
210  
211 if ( !($imgtype = check_image_type($avatar_filetype, $error, $error_msg)) )
212 {
213 return;
214 }
215  
216 switch ($type)
217 {
218 // GIF
219 case 1:
220 if ($imgtype != '.gif')
221 {
222 @unlink($tmp_filename);
223 message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__);
224 }
225 break;
226  
227 // JPG, JPC, JP2, JPX, JB2
228 case 2:
229 case 9:
230 case 10:
231 case 11:
232 case 12:
233 if ($imgtype != '.jpg' && $imgtype != '.jpeg')
234 {
235 @unlink($tmp_filename);
236 message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__);
237 }
238 break;
239  
240 // PNG
241 case 3:
242 if ($imgtype != '.png')
243 {
244 @unlink($tmp_filename);
245 message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__);
246 }
247 break;
248  
249 default:
250 @unlink($tmp_filename);
251 message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__);
252 }
253  
254 if ( $width > 0 && $height > 0 && $width <= $board_config['avatar_max_width'] && $height <= $board_config['avatar_max_height'] )
255 {
256 $new_filename = uniqid(rand()) . $imgtype;
257  
258 if ( $mode == 'editprofile' && $current_type == USER_AVATAR_UPLOAD && $current_avatar != '' )
259 {
260 user_avatar_delete($current_type, $current_avatar);
261 }
262  
263 if( $avatar_mode == 'remote' )
264 {
265 @copy($tmp_filename, './' . $board_config['avatar_path'] . "/$new_filename");
266 @unlink($tmp_filename);
267 }
268 else
269 {
270 if ( @$ini_val('open_basedir') != '' )
271 {
272 if ( @phpversion() < '4.0.3' )
273 {
274 message_die(GENERAL_ERROR, 'open_basedir is set and your PHP version does not allow move_uploaded_file', '', __LINE__, __FILE__);
275 }
276  
277 $move_file = 'move_uploaded_file';
278 }
279 else
280 {
281 $move_file = 'copy';
282 }
283  
284 if (!is_uploaded_file($avatar_filename))
285 {
286 message_die(GENERAL_ERROR, 'Unable to upload file', '', __LINE__, __FILE__);
287 }
288 $move_file($avatar_filename, './' . $board_config['avatar_path'] . "/$new_filename");
289 }
290  
291 @chmod('./' . $board_config['avatar_path'] . "/$new_filename", 0777);
292  
293 $avatar_sql = ( $mode == 'editprofile' ) ? ", user_avatar = '$new_filename', user_avatar_type = " . USER_AVATAR_UPLOAD : "'$new_filename', " . USER_AVATAR_UPLOAD;
294 }
295 else
296 {
297 $l_avatar_size = sprintf($lang['Avatar_imagesize'], $board_config['avatar_max_width'], $board_config['avatar_max_height']);
298  
299 $error = true;
300 $error_msg = ( !empty($error_msg) ) ? $error_msg . '<br />' . $l_avatar_size : $l_avatar_size;
301 }
302  
303 return $avatar_sql;
304 }
305  
306 function display_avatar_gallery($mode, &$category, &$user_id, &$email, &$current_email, &$coppa, &$username, &$email, &$new_password, &$cur_password, &$password_confirm, &$icq, &$aim, &$msn, &$yim, &$website, &$location, &$occupation, &$interests, &$signature, &$viewemail, &$notifypm, &$popup_pm, &$notifyreply, &$attachsig, &$allowhtml, &$allowbbcode, &$allowsmilies, &$hideonline, &$style, &$language, &$timezone, &$dateformat, &$session_id)
307 {
308 global $board_config, $db, $template, $lang, $images, $theme;
309 global $phpbb_root_path, $phpEx;
310  
311 $dir = @opendir($board_config['avatar_gallery_path']);
312  
313 $avatar_images = array();
314 while( $file = @readdir($dir) )
315 {
316 if( $file != '.' && $file != '..' && !is_file($board_config['avatar_gallery_path'] . '/' . $file) && !is_link($board_config['avatar_gallery_path'] . '/' . $file) )
317 {
318 $sub_dir = @opendir($board_config['avatar_gallery_path'] . '/' . $file);
319  
320 $avatar_row_count = 0;
321 $avatar_col_count = 0;
322 while( $sub_file = @readdir($sub_dir) )
323 {
324 if( preg_match('/(\.gif$|\.png$|\.jpg|\.jpeg)$/is', $sub_file) )
325 {
326 $avatar_images[$file][$avatar_row_count][$avatar_col_count] = $sub_file;
327 $avatar_name[$file][$avatar_row_count][$avatar_col_count] = ucfirst(str_replace("_", " ", preg_replace('/^(.*)\..*$/', '\1', $sub_file)));
328  
329 $avatar_col_count++;
330 if( $avatar_col_count == 5 )
331 {
332 $avatar_row_count++;
333 $avatar_col_count = 0;
334 }
335 }
336 }
337 }
338 }
339  
340 @closedir($dir);
341  
342 @ksort($avatar_images);
343 @reset($avatar_images);
344  
345 if( empty($category) )
346 {
347 list($category, ) = each($avatar_images);
348 }
349 @reset($avatar_images);
350  
351 $s_categories = '<select name="avatarcategory">';
352 while( list($key) = each($avatar_images) )
353 {
354 $selected = ( $key == $category ) ? ' selected="selected"' : '';
355 if( count($avatar_images[$key]) )
356 {
357 $s_categories .= '<option value="' . $key . '"' . $selected . '>' . ucfirst($key) . '</option>';
358 }
359 }
360 $s_categories .= '</select>';
361  
362 $s_colspan = 0;
363 for($i = 0; $i < count($avatar_images[$category]); $i++)
364 {
365 $template->assign_block_vars("avatar_row", array());
366  
367 $s_colspan = max($s_colspan, count($avatar_images[$category][$i]));
368  
369 for($j = 0; $j < count($avatar_images[$category][$i]); $j++)
370 {
371 $template->assign_block_vars('avatar_row.avatar_column', array(
372 "AVATAR_IMAGE" => $board_config['avatar_gallery_path'] . '/' . $category . '/' . $avatar_images[$category][$i][$j],
373 "AVATAR_NAME" => $avatar_name[$category][$i][$j])
374 );
375  
376 $template->assign_block_vars('avatar_row.avatar_option_column', array(
377 "S_OPTIONS_AVATAR" => $avatar_images[$category][$i][$j])
378 );
379 }
380 }
381  
382 $params = array('coppa', 'user_id', 'username', 'email', 'current_email', 'cur_password', 'new_password', 'password_confirm', 'icq', 'aim', 'msn', 'yim', 'website', 'location', 'occupation', 'interests', 'signature', 'viewemail', 'notifypm', 'popup_pm', 'notifyreply', 'attachsig', 'allowhtml', 'allowbbcode', 'allowsmilies', 'hideonline', 'style', 'language', 'timezone', 'dateformat');
383  
384 $s_hidden_vars = '<input type="hidden" name="sid" value="' . $session_id . '" /><input type="hidden" name="agreed" value="true" /><input type="hidden" name="avatarcatname" value="' . $category . '" />';
385  
386 for($i = 0; $i < count($params); $i++)
387 {
388 $s_hidden_vars .= '<input type="hidden" name="' . $params[$i] . '" value="' . str_replace('"', '&quot;', $$params[$i]) . '" />';
389 }
390  
391 $template->assign_vars(array(
392 'L_AVATAR_GALLERY' => $lang['Avatar_gallery'],
393 'L_SELECT_AVATAR' => $lang['Select_avatar'],
394 'L_RETURN_PROFILE' => $lang['Return_profile'],
395 'L_CATEGORY' => $lang['Select_category'],
396  
397 'S_CATEGORY_SELECT' => $s_categories,
398 'S_COLSPAN' => $s_colspan,
399 'S_PROFILE_ACTION' => append_sid("profile.$phpEx?mode=$mode"),
400 'S_HIDDEN_FIELDS' => $s_hidden_vars)
401 );
402  
403 return;
404 }
405  
406 ?>